Thursday, July 7, 2011

General File Information - April 2011

This is an updated version of TDL4, which made a lot of news recently thanks to being named the ‘indestructible’ botnet. This is the last / current version and it is dated April 2011 (the previous version is from January 2011).

All the credits and many thanks for the files and comments go to @EP_X0FF @InsaneKaos @markusg @USForce from KernelMode.info. I am posting the files and their comments here because of the large number of inquiries for the updated version.

In April 2011 Microsoft released KB2506014 targeting version 0.03, specifically the boot loader and kd dll, and it was able to successfully prevent TDL4 from working. However, the rootkit support struck back within two weeks, releasing an update that could bypass the MS patch. The rootkit version wasn't changed.